Diffstat (limited to 'host')
-rw-r--r--host/asterix.nix5
-rw-r--r--host/automatix.nix13
-rw-r--r--host/hardware/automatix.nix25
-rw-r--r--host/obelix.nix5
-rw-r--r--host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem23
-rw-r--r--host/role/conf/vpn/kit.ovpn.nix19
-rw-r--r--host/role/desktop.nix45
7 files changed, 133 insertions, 2 deletions
diff --git a/host/asterix.nix b/host/asterix.nix
index 0112617..d925259 100644
--- a/host/asterix.nix
+++ b/host/asterix.nix
@@ -1,5 +1,8 @@
{
- imports = [ ./hardware/asterix.nix ];
+ imports = [
+ ./hardware/asterix.nix
+ ./role/desktop.nix
+ ];
boot = {
loader.grub = {
diff --git a/host/automatix.nix b/host/automatix.nix
new file mode 100644
index 0000000..fd819f4
--- /dev/null
+++ b/host/automatix.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+
+{
+ imports = [ ./hardware/automatix.nix ];
+
+ boot.loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/sda";
+ };
+
+ networking.hostName = "automatix";
+}
diff --git a/host/hardware/automatix.nix b/host/hardware/automatix.nix
new file mode 100644
index 0000000..4b35109
--- /dev/null
+++ b/host/hardware/automatix.nix
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/ec324e84-6766-49b7-ad5e-583e78a35432";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/05f0315c-f5f5-4471-b2ef-6e53b95cb08b"; }
+ ];
+
+ nix.maxJobs = lib.mkDefault 1;
+}
diff --git a/host/obelix.nix b/host/obelix.nix
index 5d6206c..f876a61 100644
--- a/host/obelix.nix
+++ b/host/obelix.nix
@@ -1,7 +1,10 @@
{ pkgs, ... }:
{
- imports = [ ./hardware/obelix.nix ];
+ imports = [
+ ./hardware/obelix.nix
+ ./role/desktop.nix
+ ];
boot = {
loader.grub = {
diff --git a/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
new file mode 100644
index 0000000..374b050
--- /dev/null
+++ b/host/role/conf/vpn/T-TeleSec_GlobalRoot_Class_2.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/host/role/conf/vpn/kit.ovpn.nix b/host/role/conf/vpn/kit.ovpn.nix
new file mode 100644
index 0000000..82a21ee
--- /dev/null
+++ b/host/role/conf/vpn/kit.ovpn.nix
@@ -0,0 +1,19 @@
+# adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn
+
+''
+client
+remote 141.52.8.20
+port 1194
+dev tun
+proto udp
+auth-user-pass
+nobind
+comp-lzo no
+tls-version-min 1.2
+ca ${./T-TeleSec_GlobalRoot_Class_2.pem}
+verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
+cipher AES-256-CBC
+auth SHA384
+verb 3
+script-security 2
+''
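Review bot: `script-security 2` at the end of the profile lets OpenVPN run user-defined scripts, yet this file has no `up`, `down` or other script directive. Unless the NixOS module that consumes this string injects such scripts (not visible in this hunk), drop the line so the default level applies. Judging by the file name, the `ca` is a shared root CA rather than a private VPN CA, so `verify-x509-name` is the only thing binding the peer to the KIT server. Adding `remote-cert-tls server` beside it would also require the peer certificate to carry server key usage. A one-line comment that `cipher AES-256-CBC` and `auth SHA384` are taken from the upstream profile linked at the top would tell the next reader they are dictated by the server.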
diff --git a/host/role/desktop.nix b/host/role/desktop.nix
new file mode 100644
index 0000000..cf20500
--- /dev/null
+++ b/host/role/desktop.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+
+{
+ fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
+
+ sound.enable = true;
+ hardware = {
+ opengl.driSupport32Bit = true;
+ pulseaudio = {
+ enable = true;
+ support32Bit = true;
+ };
+ };
+
+ services = {
+ journald = {
+ extraConfig = ''Storage=volatile'';
+ };
+
+ openvpn.servers = {
+ KIT = {
+ config = import ./conf/vpn/kit.ovpn.nix;
+ autoStart = false;
+ };
+ };
+
+ xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "caps:escape";
+
+ displayManager.slim = {
+ enable = true;
+ autoLogin = true;
+ defaultUser = "common";
+ };
+
+ desktopManager.default = "none";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ hdparm ntfs3g
+ ];
+}
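Review bot: `displayManager.slim.autoLogin = true` with `defaultUser = "common"` gives anyone with physical or console access a logged-in session without a password. The same commit imports this role into both asterix.nix and obelix.nix. If that is intended, record it in a comment such as `# single-user machine, disk is encrypted; auto-login is deliberate`, adjusted to whatever is actually true; otherwise drop `autoLogin`. Separately, `Storage=volatile` keeps the journal in memory only, so logs are lost on reboot or crash and nothing is left to inspect after an incident. If the aim is fewer disk writes (the hunk also sets `noatime` and `discard`), say so in a comment, or keep logs on disk with a bound such as `SystemMaxUse=`.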